Default database credentials returned as blank
Closed this issue · 9 comments
Terraform Version
Terraform v1.5.6
on darwin_arm64
+ provider registry.terraform.io/kislerdm/neon v0.2.2
Provider Version
0.2.2
Affected Resource(s)
- neon_project
Terraform Configuration Files
terraform {
required_providers {
neon = {
source = "kislerdm/neon"
version = "0.2.2"
}
}
}
provider "neon" {}
resource "neon_project" "this" {
name = var.project_name
region_id = var.region
branch {
name = "master"
database_name = "neon-test"
role_name = "admin"
}
}
output "database_password" {
value = neon_project.this.database_password
sensitive = true
}
output "connection_uri" {
value = neon_project.this.connection_uri
sensitive = true
}
Debug Output
https://gist.github.com/domenikk/cdba0c29d2fdba4b61375d0a1daa8e5c
Expected Behavior
The outputs database_password
and connection_uri
should have the actual values as shown in Neon console.
Actual Behavior
Using terraform output -json
gives this result:
{
"connection_uri": {
"sensitive": true,
"type": "string",
"value": ""
},
"database_password": {
"sensitive": true,
"type": "string",
"value": ""
}
}
Both outputs are empty strings.
Steps to Reproduce
terraform apply
@kislerdm Hello again, Dmitry. I'm not sure if this is happening because of the provider or Neon's API.
But according to their API documentation, this information should be available in connection_uris
property of createproject
response: https://api-docs.neon.tech/reference/createproject
I have the same issue with
resource "neon_role" "this" {
project_id = neon_project.this.id
branch_id = neon_project.this.default_branch_id
name = "role_name"
}
neon_role.this.password
returns empty after I imported it
I have the same issue with
resource "neon_role" "this" { project_id = neon_project.this.id branch_id = neon_project.this.default_branch_id name = "role_name" }
neon_role.this.password
returns empty after I imported it
Same here. I tried downgrading to v0.2.1 to check if the behavior was introduced in v0.2.2, but the behavior persisted.
I added a logger (not sure if that is the best approach) and then I found out that the password is correctly created in the first-ever run of the "neon_role" resource, but if you just run terraform apply again, it vanishes.
Here is my code:
resource "neon_role" "instance" {
count = var.dbms_provider.neon == null ? 0 : 1
project_id = var.dbms_provider.neon.project_id
branch_id = var.dbms_provider.neon.branch_id
name = var.username
}
resource "null_resource" "neon_role_logger" {
count = var.dbms_provider.neon == null ? 0 : 1
triggers = {
timestamp = timestamp()
}
provisioner "local-exec" {
command = <<EOF
echo "${timestamp()}: name=${neon_role.instance[0].name}" >> ${path.module}/insecure-local-debug.log
echo "${timestamp()}: password=${neon_role.instance[0].password}" >> ${path.module}/insecure-local-debug.log
EOF
}
}
And here is my log output:
2023-10-20T11:44:07Z: name=fake-user
2023-10-20T11:44:07Z: password=4EruLCgQDP3q
2023-10-20T11:46:58Z: name=fake-user
2023-10-20T11:46:58Z: password=
Between 2023-10-20T11:44:07Z and 2023-10-20T11:46:58Z there were no code changes. I really just reapplied the terraform configuration running terraform plan
and terraform apply
again.
@amaralc Hey! Thank you for your feedback! I bet on releasing a fix next week. Although, don't hesitate to open PR with a fix yourself if you've identified the root cause.
@kislerdm, I would love to do so once I get more familiar with Go and with how to develop providers. I am currently a Terraform user but with no Go skills. Hope to change that soon enough though.